CVE-2017-5140

Опубликовано: 13 фев. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.

Ссылки

http://www.securityfocus.com/bid/95971
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/95971
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-1-02-08:*:*:*:*:*:*:*

cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-2-01-00:*:*:*:*:*:*:*

cpe:2.3:h:honeywell:xl_web_ii_controller:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00419

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-5pwf-gj98-3g36